How to remove ms system apps permanently?
Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: How to remove ms system apps permanently?

  1. #1
    Senior Member
    Join Date
    Aug 2003
    Posts
    185

    How to remove ms system apps permanently?

    last time when i was in irc my firewall pops up and asked me to allow ftp.exe to act.
    uh?
    that makes me to decide to remove ftp.exe and tftp.exe from my win2k.
    but there were them again...(w2k asked to put things right #cos the files had been replaced
    by older versions)
    o.k. it's the servicepack i thought to myself and deleted them fom the servicepack folder,too.
    now this w2k says i have to put in my servicepack CD to get the files back.
    i clicked abort in the lil boxes two times and thought :now you got it.
    but NO!!!
    they are back again now.
    maybe i'd forgotten to take the CD out of the cdrom drive and it was in while booting up.
    however...is there a solution?
    how to tell w2k that i do NOT want these files?

    thx in advance
    Industry Kills Music.

  2. #2
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    Is ftp within your services. If you disable it in services it shouldn't be able to run. Definetely don't allow it to act. You must have gotten a request from port 21. Just check to see if it is in the list of services and disable it there and hopefully it will never ask again if you want it to act.

    edit
    Yes I did misunderstand. Maybe you could try renaming the files.

  3. #3
    Senior Member
    Join Date
    Aug 2003
    Posts
    185
    you misunderstood ... someone tries to transfer files via ftp.exe with help of a script
    unknown started the ftp.exe found in C:\winnt\system32\
    it's the ms cmdline ftpclient.
    if you don't need it its always a good decision to remove ftp.exe and tftp.exe,a very good decision.
    it has nothing to do with running services.
    i'm not speakin bout msftpsvc

    i only want to get rid of the files, but a function i don't know checks the files replaced by the servicepack and does everything to get it back in place.
    so..is there a list file or a registry key where these files are nounced to get checked??

    btw. only the thing that i never used ftp.exe before keeps me from getting malwared
    stuff or trojan.
    Industry Kills Music.

  4. #4
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Its a "protection feature". It will automatically replace the file if it can't find it.

    Normally it will pull files from:

    *i386* directories
    c:\windows\servicepacks\i386
    c:\lastgood

    If you delete them from there... they can't come back.

    I used to have this problem with windows update.

    You can also find them all by searching for "*i386*,*ftp*, *tftp*" (w/o the "") and that will find them all for you to delete.

  5. #5
    Senior Member
    Join Date
    Aug 2003
    Posts
    185
    Originally posted here by phishphreek80
    Its a "protection feature". It will automatically replace the file if it can't find it.
    yeah, it's an anti-protectionfeature
    Normally it will pull files from:

    *i386* directories
    c:\windows\servicepacks\i386
    c:\lastgood

    If you delete them from there... they can't come back.
    don't come back 'til you will insert the servicepackCD
    btw you are not running 2k ???
    I used to have this problem with windows update.

    You can also find them all by searching for "*i386*,*ftp*, *tftp*" (w/o the "") and that will find them all for you to delete.
    i already did a search by doin:
    dir /s c:\*ftp.exe {yes,I'm a commandline junkie}

    i was really surprised to get the files back
    removing these files is a major security issue...
    so I HAVE TO KNOW how to tell w2k that i do NOT want them back !!

    haven't we all to know that?

    ...hmmm...again i have to find out by myself..[?]
    Industry Kills Music.

  6. #6
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    If you remove them by Add and Remove Windows Component? I'm not sure if this would work but it worth a try!
    -Simon \"SDK\"

  7. #7
    Senior Member Wazz's Avatar
    Join Date
    Apr 2003
    Posts
    288
    Pull them from the driver cache first....then do a search and delete all other instances.
    "It is a shame that stupidity is not painful" - Anton LaVey

  8. #8
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    btw you are not running 2k ???
    No, I was using XP Pro at the time I posted that.

    removing these files is a major security issue...
    so I HAVE TO KNOW how to tell w2k that i do NOT want them back !!
    Why not just remove all permissions from them? Then they can't be run, or replaced...

    Though... anyone with admin priv. can change the permissions back...

    Or... I'm not sure how smart this protection mechanism is.. but you might be able to replace it with another innocent program... just rename another program to ftp.exe or tftp.exe and put it in there to replace it. This is just a guess.... as I've never tried it.
    Something like sol.exe. They can't get far with that. LoL
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  9. #9
    Senior Member
    Join Date
    Aug 2003
    Posts
    185
    hey,cool, ,it works!!
    it seems it is only checked wether a file with the specific name is there and has the correct (service-pack) version.

    thx, phishphreek80 !!

    (
    del ftp.exe
    copy cmd.exe ftp.exe
    )
    Industry Kills Music.

  10. #10
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    I'm not quite sure if cmd.exe would be a good replacement... as it is possible to do damage with that.

    I'm not sure if a website could execute that with a script in the html and then pass it commands, or anything like that... thats why I suggested solitare.

    Just out of curiosity... what happens when you type in ftp://somewebaddy.com into your web brower? Does that still work? I don't know if your browser relies on the ftp.exe... /me wonders.

    I suppose I could play with it a bit... hmmmm...
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •